Use this command to audit an IBM® Tivoli® Storage Manager-controlled namespace on a Lightweight Directory Access Protocol (LDAP) server. The LDAP directory server and namespace are specified through one or more LDAPURL options.
Nodes and administrator user IDs that do not authenticate their passwords with the LDAP directory server are deleted with the AUDIT LDAPDIRECTORY FIX=YES command. Nodes or administrator user IDs that no longer exist in the Tivoli Storage Manager database are also deleted.
Before you issue this command, ensure that the LDAPURL option is specified in the dsmserv.opt file. See the LDAPURL option for more information.
If you specified more than one LDAPURL option in the dsmserv.opt file, each option is validated in the order in which they are placed. If the LDAPURL option is not specified, the command fails.
Privilege class
You must have system privileges to issue this command.
Syntax
                        .-Fix--=--No------.
>>-AUDIT LDAPdirectory--+-----------------+--------------------->
                        '-Fix--=--+-No--+-'
                                  '-Yes-'
   .-Wait--=--No------.
>--+------------------+----------------------------------------><
   '-Wait--=--+-No--+-'
              '-Yes-'
Parameters
- Fix
- This optional parameter specifies how the Tivoli Storage Manager server resolves inconsistencies between the database and the external directory. The default is NO. You can specify the following values:
  - No
  - The server reports all inconsistencies but does not change the external directory.
  - Yes
  - The server resolves any inconsistencies that it can and suggests further actions, if needed.
    Important: If there are LDAP entries that are shared with other Tivoli Storage Manager servers, choosing YES might cause those servers to become out-of-sync.
- Wait
- This optional parameter specifies whether to wait for the Tivoli Storage Manager server to complete processing this command in the foreground. The default is NO. You can specify the following values:
  - No
  - The server processes this command in the background and you can continue with other tasks while the command is processing. Messages related to the background process are shown either in the activity log file or the server console, depending on where the messages are logged.
  - Yes
  - The server processes this command in the foreground. The operation must complete before you can continue with other tasks. Messages are shown either in the activity log file or the server console, or both, depending on where the messages are logged.
    Restriction: You cannot specify WAIT=YES from the server console.
Example: Audit an LDAP directory and repair inconsistencies
Audit the LDAP directory that you specified in the LDAPURL option. The Tivoli Storage Manager server resolves some inconsistencies.
audit ldapdirectory fix=yes
ANR2749W Admin ADMIN1 was located in the LDAP directory server but not in the database.
ANR2749W Admin ADMIN2 was located in the LDAP directory server but not in the database.
ANR2749W Admin NODE1 was located in the LDAP directory server but not in the database.
ANR2749W Admin NODE2 was located in the LDAP directory server but not in the database.
ANR2748W Node NODE1 was located in the LDAP directory server but not in the database.
ANR2748W Node NODE2 was located in the LDAP directory server but not in the database.
ANR2745I AUDIT LDAPDIRECTORY command completed: 4 administrator entries are only in the
LDAP directory server (not in the Tivoli Storage Manager server), 0 administrator entries
are only in the Tivoli Storage Manager server (not in the LDAP directory server), 2 node
entries are only in the LDAP directory server (not in the Tivoli Storage Manager server),
0 node entries are only in the Tivoli Storage Manager server, (not in the LDAP directory
server), 6 entries were deleted from the LDAP server in total.
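An added example (not IBM code): a Python script that parses audit output in the message format shown above, groups the LDAP-only entries by type, and cross-checks them against the ANR2745I summary counts, so that a FIX=NO run can be reviewed before FIX=YES is issued. It assumes that a FIX=NO run logs ANR2748W and ANR2749W in the same format as this example; the function and variable names are hypothetical.

```python
import re

# Message text as it appears in the example output on this page.
# Assumption: a FIX=NO run reports entries in the same format.
ENTRY_RE = re.compile(
    r"(ANR2748W|ANR2749W) (Admin|Node) (\S+) was located in the "
    r"LDAP directory server but not in the database\."
)
SUMMARY_RE = re.compile(
    r"ANR2745I AUDIT LDAPDIRECTORY command completed: "
    r"(\d+) administrator entries are only in the LDAP directory server"
    r".*?(\d+) node entries are only in the LDAP directory server"
)

def review_audit(text):
    """Group LDAP-only entries by type and cross-check the ANR2745I counts."""
    flat = " ".join(text.split())  # the summary message wraps across lines
    entries = {"Admin": [], "Node": []}
    for _msg, kind, name in ENTRY_RE.findall(flat):
        entries[kind].append(name)
    summary = SUMMARY_RE.search(flat)
    reported = tuple(int(n) for n in summary.groups()) if summary else None
    parsed = (len(entries["Admin"]), len(entries["Node"]))
    return {
        "admins": entries["Admin"],
        "nodes": entries["Node"],
        # Names reported under both Admin and Node.
        "both": sorted(set(entries["Admin"]) & set(entries["Node"])),
        # None: no summary captured. False: some entry lines were missed.
        "counts_match": None if reported is None else reported == parsed,
    }

# Sample input: the example output from this page.
SAMPLE = """\
ANR2749W Admin ADMIN1 was located in the LDAP directory server but not in the database.
ANR2749W Admin ADMIN2 was located in the LDAP directory server but not in the database.
ANR2749W Admin NODE1 was located in the LDAP directory server but not in the database.
ANR2749W Admin NODE2 was located in the LDAP directory server but not in the database.
ANR2748W Node NODE1 was located in the LDAP directory server but not in the database.
ANR2748W Node NODE2 was located in the LDAP directory server but not in the database.
ANR2745I AUDIT LDAPDIRECTORY command completed: 4 administrator entries are only in the
LDAP directory server (not in the Tivoli Storage Manager server), 0 administrator entries
are only in the Tivoli Storage Manager server (not in the LDAP directory server), 2 node
entries are only in the LDAP directory server (not in the Tivoli Storage Manager server),
0 node entries are only in the Tivoli Storage Manager server, (not in the LDAP directory
server), 6 entries were deleted from the LDAP server in total.
"""

if __name__ == "__main__":
    print(review_audit(SAMPLE))
```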
Related commands
Table 1. Commands related to AUDIT LDAPDIRECTORY
Command | Description |
SET DEFAULTAUTHENTICATION | Specifies the default password authentication method for any REGISTER NODE or REGISTER ADMIN commands. |
SET LDAPPASSWORD | Sets the password for the LDAPUSER. |
SET LDAPUSER | Sets the user who oversees the passwords and administrators on the LDAP directory server. |